

The other day I was debugging a really nasty bug that happens only in our iOS app. I was really frustrated because I couldn't figure out why it happens. Everything looks good when debugging the iOS code, but for some reason – the server failed to deserialize the request body. I freaked out – nothing I tried seemed to solve the issue. If only there was an easy way to view the actual request and response, maybe I could understand what the issue was…

This is where a proxy comes in handy: a proxy can inspect the traffic and print it in an easy to understand manner. There are a lot of available proxies you can use (like Charles (commercial) or Fiddler), but OWASP Zaproxy (Zap) is the best open source proxy that I know. Let's see how easy it is to set it up:

Step 1 – Install Zap's Root CA Certificate

Installing the root CA certificate on our iOS device is required in order to allow Zap to inspect HTTPS traffic – by acting as a TLS termination proxy. To install it, start by exporting the root CA from Zap. Go to Zap, and click Tools -> Options -> Dynamic SSL Certificates to open this menu:

[Image: Zap's Dynamic SSL Certificates Menu]

Click the little save button, and choose where to save the certificate. Now it's time to import it – this is as simple as dragging the certificate file and dropping it inside the simulator. Once you drop the certificate, a new Safari window will appear:

[Image: Safari asking whether to install the certificate]

Press allow – only because you know what this certificate is. Careful before doing something similar on your personal phone, or with a certificate that you're not trusting! Now you should see the following window:

[Image: Certificate Installation Window]

Press the install button, and again on the install button in the next window – and we're almost done! Now it's important to activate the certificate – otherwise, it will not be trusted by iOS. Go to Settings -> General -> About -> Certificate Trust Settings:

[Image: iOS Certificate Trust Settings]

Press the little switch button near "OWASP Zed Attack Proxy Root CA". Press continue – and now you're done! From now on, Zap can intercept TLS traffic from an app running on this Simulator 👏🏽 👏🏽

Before moving to the next step – a quick reminder: if your app uses certificate pinning, the above will not work. Certificate pinning protects your app from someone trying to intercept TLS traffic – and this is why you want it. Make sure to disable it in your app code before continuing!

Step 2 – Configure Proxy Settings

The next step is to configure the iOS simulator to use Zap as a proxy for all outgoing requests. As the iOS simulator uses the OS proxy settings, this is done by changing them.
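The same two steps (trust Zap's root CA in the simulator, then route the host's proxy settings through Zap) can be driven from the terminal with Apple's `simctl` and `networksetup` tools. The script below is an added example, not code from the original post or from the ZAP project. It assumes things the post does not state: that Zap listens on its default 127.0.0.1:8080, that the macOS network service is named "Wi-Fi", that the root CA was exported from Zap to ./owasp_zap_root_ca.cer, and that the installed Xcode has the `simctl keychain` subcommand (Xcode 11.4 or newer). Setting DRY_RUN=1 prints the commands instead of running them, which is how you can review what will change before touching a machine.

```shell
#!/bin/sh
# Added example (not from the original post or the ZAP project).
# Assumptions, none stated on the page: Zap's default listen address is
# 127.0.0.1:8080, the macOS network service is called "Wi-Fi", and the
# root CA exported from Zap lives at ./owasp_zap_root_ca.cer.
ZAP_HOST="${ZAP_HOST:-127.0.0.1}"
ZAP_PORT="${ZAP_PORT:-8080}"
NET_SERVICE="${NET_SERVICE:-Wi-Fi}"
ZAP_CA="${ZAP_CA:-./owasp_zap_root_ca.cer}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the commands instead of executing them

# Run a command, or echo it verbatim when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Refuse to write obviously broken values into the system proxy settings.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Step 1: trust Zap's root CA inside the currently booted simulator.
# (simctl keychain add-root-cert is available from Xcode 11.4 onwards.)
install_zap_ca() {
    [ -f "$ZAP_CA" ] || { echo "missing CA file: $ZAP_CA" >&2; return 1; }
    run xcrun simctl keychain booted add-root-cert "$ZAP_CA"
}

# Step 2: point the host's HTTP and HTTPS proxy at Zap; the simulator
# inherits the host OS proxy settings, so this is all it needs.
enable_proxy() {
    valid_port "$ZAP_PORT" || { echo "bad port: $ZAP_PORT" >&2; return 1; }
    run networksetup -setwebproxy "$NET_SERVICE" "$ZAP_HOST" "$ZAP_PORT" &&
    run networksetup -setsecurewebproxy "$NET_SERVICE" "$ZAP_HOST" "$ZAP_PORT"
}

# Undo step 2 when you are done, so the host stops routing through the proxy.
disable_proxy() {
    run networksetup -setwebproxystate "$NET_SERVICE" off &&
    run networksetup -setsecurewebproxystate "$NET_SERVICE" off
}

# Check: a TLS request sent through Zap only verifies against Zap's own CA
# if Zap is actually terminating TLS, so success here proves interception.
verify_interception() {
    run curl -sS -o /dev/null --proxy "http://$ZAP_HOST:$ZAP_PORT" \
        --cacert "$ZAP_CA" "https://example.com/"
}

case "${1:-}" in
    up)    install_zap_ca && enable_proxy && verify_interception ;;
    down)  disable_proxy ;;
    check) verify_interception ;;
    "")    ;;   # no sub-command: just define the functions (e.g. when sourced)
    *)     echo "usage: $0 up|down|check" >&2; exit 2 ;;
esac
```

Run `DRY_RUN=1 sh zap-sim.sh up` first to see the exact `xcrun` and `networksetup` invocations, then `sh zap-sim.sh up` to apply them and `sh zap-sim.sh down` when the debugging session is over. The `check` step is deliberately strict: it passes only if the certificate presented for example.com chains to Zap's root, so a passing check means Zap is in the path, and a failing one means traffic is still going direct (or your app's pinning is still enabled).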
